What should an information security manager do FIRST upon learning of a significant regulatory change that impacts how the organization should safeguard critical data?

• A.Perform a gap analysis.
• B.Implement needed control changes.
• C.Report the regulatory change to senior management
• D.Assess impact to industry peers.

Comment: *

Name: *

Email: *

Verification: *

Which of the following will BEST protect against malicious activity by a former employee?

• A.Preemployment screening
• B.Close monitoring of users
• C.Periodic awareness training
• D.Effective termination procedures

Comment: *

Name: *

Email: *

Verification: *

The MOST complete business case for security solutions is one that.

• A.includes appropriate justification.
• B.explains the current risk profile.
• C.details regulatory requirements.
• D.identifies incidents and losses.

Comment: *

Name: *

Email: *

Verification: *

Which of the following metrics would provide management with the MOST useful information about the effectiveness of a security awareness program?

• A.Increased number of reported security incidents
• B.Decreased number of phishing attacks
• C.Increased number of downloads of the organization's security policy
• D.Decreased number of security incidents

Comment: *

Name: *

Email: *

Verification: *

Which of the following has the MOST influence on an organization's adoption of information security policies?

• A.Demonstrated senior management commitment
• B.A comprehensive security awareness program
• C.Enforcement of penalties for noncompliance
• D.Established key performance indicators (KPIs)

Comment: *

Name: *

Email: *

Verification: *